
Malwarebytes

MBAM freezes when removing files


2 replies to this topic

#1
imadoofus

    New Member

  • Members
  • Pip
  • 4 posts
Hi there.
I warn any good Samaritans in advance - I'm horribly ignorant and incompetent with these sorts of things.

I have a Dell Inspiron 6000 with XP on it, and at the moment I can only access IE in safe mode as an administrator. My Norton AV has been turned off and won't come on; also some other software won't open, and I can't search for files (in normal running mode, at least - I can in safe mode).

I got the Virus Response Lab 2009 virus and a few other malware friends came along for the ride; I seem to have gotten rid of most of avrlab with Norton (back when it worked) and MBAM, though there are some stragglers left. When I run MBAM now, it tells me that there are between 8 and 11 infected files left (mostly trojan.zlob), but when I try to remove them, the program freezes, generally while the status bar at the bottom tells me that it is trying to quarantine this file: KEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avrlabs

Here is the log I saved from this morning's attempt.
I'm not really sure what to do, and I would really appreciate any advice that anyone might be able to give me. There are a number of posts on here that seem to be similar, but I don't know enough about my system to feel confident deleting files or wiping system restore points etc (even if I knew how to do any of that).

Again, eternal gratitude if anyone could point me in the right direction.

-A Doofus


Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Tony Antoniades\0E513D7E8235ADE0\0E513D7E8235ADE0.x86 (Rootkit.Zlob) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d695b871-8020-4041-a6d2-59f922e1b2e2} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\avrlabs (Rogue.AntiVirusLab) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avrlabs (Rogue.AntiVirusLab) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Tony Antoniades\0E513D7E8235ADE0\0E513D7E8235ADE0.x86 (Rootkit.Zlob) -> No action taken.

#2
exile360

    exile

  • Moderators
  • PipPipPipPipPipPip
  • 12,959 posts
  • Gender:Male
Greetings and welcome to Malwarebytes'. Please read the instructions here: http://www.malwareby...?showtopic=2936 and post your logs in a new topic here: http://www.malwareby...php?showforum=7 If some of the scans won't function, just do the ones you can.

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.
Samuel E Lindsey
Product Manager


#3
imadoofus

    New Member

  • Members
  • Pip
  • 4 posts
Thank you so much - that is extremely helpful.
I'll get hopping - many thanks.

=o)




